Conti ransomware group

GPTKB entity

Statements (53)
Predicate Object
gptkbp:instanceOf cybercrime
gptkbp:acceptsPaymentMethod gptkb:Bitcoin
gptkb:cryptocurrency
gptkbp:alsoKnownAs gptkb:Conti
gptkbp:associatedWith gptkb:Wizard_Spider
gptkbp:connectsTo gptkb:Costa_Rica_cyberattack_2022
gptkb:Ireland_Health_Service_Executive_attack_2021
gptkbp:disbanded May 2022
gptkbp:firstAppearance December 2019
https://www.w3.org/2000/01/rdf-schema#label Conti ransomware group
gptkbp:knownFor aggressive negotiation tactics
public shaming of victims
gptkbp:language gptkb:Russian
gptkbp:leakOccurred February 2022
gptkbp:leakRevealed gptkb:law
financial transactions
internal chat logs
gptkbp:leakSource gptkb:ContiLeaks
gptkbp:listedOn gptkb:CISA
gptkb:US_Department_of_State
gptkb:Europol
gptkb:FBI
gptkbp:membersMovedTo other ransomware groups
gptkbp:notableFor data leaks
double extortion attacks
high ransom demands
gptkbp:operates ransomware-as-a-service
gptkbp:origin gptkb:Russia
gptkbp:primaryMotivation financial gain
gptkbp:ransomDemanded $10 million (Costa Rica)
$20 million (Ireland HSE)
gptkbp:rewardAmount $10 million
gptkbp:rewardOfferedBy gptkb:US_Department_of_State
gptkbp:supportedBy gptkb:Russian_invasion_of_Ukraine
gptkbp:tactics phishing
data exfiltration
lateral movement
exploiting vulnerabilities
encryption of files
remote desktop protocol brute force
threatening to leak data
gptkbp:target gptkb:government_agency
healthcare organizations
critical infrastructure
corporate networks
gptkbp:usesMalware gptkb:Ryuk
gptkb:Cobalt_Strike
gptkb:Conti_ransomware
gptkb:TrickBot
gptkbp:website gptkb:Conti_News_leak_site
gptkbp:bfsParent gptkb:Trickbot
gptkb:Conti_News
gptkbp:bfsLayer 6